Post date: Jul 4, 2011 1:56:25 PM
Root SSH
Enabling password-less ssh/scp between mesh boxes
What does it do
Allows ssh root login between mesh boxes without password prompt
Allows scp root copy between mesh boxes without password prompt
Warning
If someone gets into one box as root, they will have access to all your other boxes.
Setup
The problem for ssh appears to be the directory that the authorized key file is stored in by default.
I'm putting my mesh local setup under a root-owned directory /owner with permission 700. Under this I've created a sub dir .ssh with permission 600, and in this directory you will need to place your authorized_keys file with the public key files from all the nodes.
Step 1
On each mesh box, log in as root, go to directory /root/.ssh, and run
ssh-keygen -t rsa
I entered blank passphrases, otherwise it will prompt during login. This will generate an id_rsa and id_rsa.pub in the directory.
Step 2
Take all the id_rsa.pub files and place them in a single file called authorized_keys
Step 3
Distribute this file to all mesh boxes, putting it in directory /local/.shh, and set the file's permissions to 600
Step 4
Reconfigure sshd to use this new authorized_keys file. Edit /etc/ssh/sshd_config, and insert or change the line to
AuthorizedKeysFile /local/.shh/authorized_keys
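Steps 2 to 4 as a script, added here as an example and not part of the original post: it merges the collected id_rsa.pub files into one authorized_keys file with mode 600 and checks that sshd_config points at it. The function names, the script name and the layout (all public keys copied into one directory as <box>.pub) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the id_rsa.pub files from
# all mesh boxes were collected into one directory, renamed to <box>.pub.

# build_authorized_keys SRC_DIR DEST_FILE  (Steps 2 and 3)
build_authorized_keys() {
    src_dir=$1
    dest=$2
    # mktemp creates the file with mode 600, in the destination directory so
    # the final mv is an atomic rename.
    tmp=$(mktemp "$(dirname "$dest")/authorized_keys.XXXXXX") || return 1

    for pub in "$src_dir"/*.pub; do
        [ -f "$pub" ] && cat "$pub"
        echo    # guard against a file without a trailing newline
    done |
        # Keep only lines shaped like "ssh-rsa <base64> [comment]" (the output
        # of ssh-keygen -t rsa) and drop repeated key blobs.
        awk '$1 == "ssh-rsa" && $2 ~ "^[A-Za-z0-9+/]+=*$" && !seen[$2]++' > "$tmp"

    # Never install an empty file: sshd would then accept no key at all.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no valid public keys in $src_dir" >&2
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$dest"
}

# sshd_uses_keyfile CONFIG KEYFILE  (Step 4)
# sshd keeps the first value it reads for a keyword, so compare against the
# first AuthorizedKeysFile line only.
sshd_uses_keyfile() {
    first=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1")
    [ "$first" = "$2" ]
}

# Usage (hypothetical script name):
#   sh merge_keys.sh /path/to/collected-pubkeys /local/.shh/authorized_keys
if [ "$#" -eq 2 ]; then
    build_authorized_keys "$1" "$2" &&
        sshd_uses_keyfile /etc/ssh/sshd_config "$2"
fi
```

A file that is not a public key (for example an id_rsa copied by mistake) is skipped, so private key material never ends up in the distributed authorized_keys.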
Testing ssh
You can test ssh by starting sshd in debug mode on a different port (the standard port is 22)
On the target box
sshd -d -p 6022
(start in debug mode on port 6022)
On the source box, log in using
ssh -l root -vvv -p 6022 targetboxip
Both boxes will then show interactive debug messages. When you exit the ssh command on the source box, the target box sshd should exit.
Once working, you should restart sshd, or reboot the box. I think restarting will terminate your session.
/etc/rc.d/rc.sshd restart